# ./testparm -v Load smb config files from /etc/opt/samba/smb.conf rlimit_max: increasing rlimit_max (2048) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[tmp]" Loaded services file OK. idmap range not specified for domain '*' ERROR: Invalid idmap range for domain *! Processing comments in /etc/opt/samba/smb.conf Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions # Global parameters [global] abort shutdown script = add group script = add machine script = addport command = addprinter command = add share command = add user script = add user to group script = afs token lifetime = 604800 afs username map = aio max threads = 100 algorithmic rid base = 1000 allow dcerpc auth level connect = No allow dns updates = secure only allow insecure wide links = No allow nt4 crypto = No allow trusted domains = Yes allow unsafe cluster upgrade = No apply group policies = No async smb echo handler = No auth event notification = No auto services = binddns dir = /opt/samba/bind-dns bind interfaces only = No browse list = Yes cache directory = /var/opt/samba/cache change notify = Yes change share command = check password script = cldap port = 389 client ipc max protocol = default client ipc min protocol = default client ipc signing = default client lanman auth = No client ldap sasl wrapping = plain client max protocol = default client min protocol = CORE client NTLMv2 auth = Yes client plaintext auth = No client schannel = Yes client signing = default client use spnego principal = No client use spnego = Yes cluster addresses = clustering = No config backend = file config file = create krb5 conf = Yes ctdbd socket = ctdb locktime warn threshold = 0 ctdb timeout = 0 cups connection timeout = 30 cups encrypt = No cups server = dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver deadtime = 0 debug class = No debug hires timestamp = Yes debug pid = No debug prefix timestamp = No debug uid = No dedicated keytab file = default service = defer sharing violations = Yes delete group script = deleteprinter command = delete share command = delete user from group script = delete user script = dgram port = 138 disable netbios = No disable spoolss = No dns forwarder = dns proxy = No dns update command = /opt/samba/bin/samba_dnsupdate dns zone scavenging = No domain logons = Yes domain master = Yes dos charset = CP850 dsdb event notification = No dsdb group change notification = No dsdb password event notification = No enable asu support = No enable core files = Yes enable privileges = Yes encrypt passwords = Yes enhanced browsing = Yes enumports command = eventlog list = get quota command = getwd cache = Yes gpo update command = /opt/samba/bin/samba-gpupdate guest account = smbnull homedir map = host msdfs = Yes hostname lookups = No idmap backend = tdb idmap cache time = 604800 idmap gid = idmap negative cache time = 120 idmap uid = include system krb5 conf = Yes init logon delay = 100 init logon delayed hosts = interfaces = iprint server = keepalive = 300 kerberos encryption types = all kerberos method = default kernel change notify = Yes kpasswd port = 464 krb5 port = 88 lanman auth = No large readwrite = Yes ldap admin dn = ldap connection timeout = 2 ldap debug level = 0 ldap debug threshold = 10 ldap delete dn = No ldap deref = auto ldap follow referral = Auto ldap group suffix = ldap idmap suffix = ldap machine suffix = ldap page size = 1000 ldap passwd sync = no ldap replication sleep = 1000 ldap server = localhost ldap server require strong auth = Yes ldap ssl = start tls ldap ssl ads = No ldap suffix = ldap timeout = 15 ldap user suffix = lm announce = Auto lm interval = 60 load printers = Yes local master = Yes lock directory = /var/opt/samba/locks lock spin time = 200 log file = /var/opt/samba/log.%m logging = log level = 2 log nt token command = logon drive = logon home = \\%N\%U logon path = \\%N\%U\profile logon script = log writeable files on exit = No lpq cache time = 30 lsa over netlogon = No machine password timeout = 604800 mangle prefix = 1 mangling method = hash2 map to guest = Never max disk size = 0 max log size = 10000 max mux = 50 max open files = 16384 max smbd processes = 0 max stat cache size = 256 max ttl = 259200 max wins ttl = 518400 max xmit = 16644 mdns name = netbios message command = min receivefile size = 0 min wins ttl = 21600 mit kdc command = multicast dns register = Yes name cache timeout = 660 name resolve order = lmhosts wins host bcast nbt client socket address = 0.0.0.0 nbt port = 137 ncalrpc dir = /var/opt/samba/run/ncalrpc netbios aliases = netbios name = DAYTONA netbios scope = neutralize nt4 emulation = No NIS homedir = No nmbd bind explicit broadcast = Yes nsupdate command = /usr/bin/nsupdate -g ntlm auth = ntlmv2-only nt pipe support = Yes ntp signd socket directory = /opt/samba/lib/samba/ntp_signd nt status support = Yes null passwords = No obey pam restrictions = No old password allowed period = 60 oplock break wait time = 0 os2 driver map = os level = 20 pam password change = No panic action = passdb backend = tdbsam passdb expand explicit = No passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 passwd program = password hash gpg key ids = password hash userPassword schemes = password server = * perfcount module = pid directory = /var/opt/samba/run preferred master = Yes prefork children = 1 preload modules = printcap cache time = 750 printcap name = private dir = /var/opt/samba/private raw NTLMv2 auth = No read raw = Yes realm = registry shares = No reject md5 clients = No reject md5 servers = No remote announce = remote browse sync = rename user script = require strong key = Yes reset on zero vc = No restrict anonymous = 0 rndc command = /usr/sbin/rndc root directory = rpc big endian = No rpc server dynamic port range = 49152-65535 rpc server port = 0 samba kcc command = /opt/samba/bin/samba_kcc security = USER server max protocol = SMB3 server min protocol = LANMAN1 server multi channel support = No server role = auto server schannel = Yes server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns server signing = default server string = Samba Server set primary group script = set quota command = share backend = classic show add printer wizard = Yes shutdown script = smb2 leases = Yes smb2 max credits = 8192 smb2 max read = 8388608 smb2 max trans = 8388608 smb2 max write = 8388608 smbd profiling level = off smb passwd file = /var/opt/samba/private/smbpasswd smb ports = 445 139 socket options = TCP_NODELAY spn update command = /opt/samba/bin/samba_spnupdate ssl cert path = /etc/opt/ldapux stat cache = Yes state directory = /var/opt/samba/locks svcctl list = syslog = 1 syslog only = No template homedir = /home/%D/%U template shell = /bin/false time server = No timestamp logs = Yes tls cafile = tls/ca.pem tls certfile = tls/cert.pem tls crlfile = tls dh params file = tls enabled = Yes tls keyfile = tls/key.pem tls priority = NORMAL:-VERS-SSL3.0 tls verify peer = as_strict_as_possible unicode = Yes unix charset = UTF-8 unix extensions = Yes unix password sync = No use mmap = Yes username level = 0 username map = username map cache time = 0 username map script = usershare allow guests = No usershare max shares = 0 usershare owner only = Yes usershare path = /var/opt/samba/locks/usershares usershare prefix allow list = usershare prefix deny list = usershare template share = utmp = No utmp directory = web port = 901 winbind cache time = 300 winbind cache ug list = Yes winbindd socket directory = /var/opt/samba/run/winbindd winbind enum groups = No winbind enum users = No winbind expand groups = 0 winbind max clients = 200 winbind max domain connections = 1 winbind nested groups = Yes winbind normalize names = No winbind nss info = template winbind offline logon = No winbind reconnect delay = 30 winbind refresh tickets = No winbind request timeout = 60 winbind rpc only = No winbind scan trusted domains = Yes winbind sealed pipes = Yes winbind separator = \ winbind use default domain = No wins hook = wins proxy = No wins server = wins support = Yes workgroup = DAYTONADOM write raw = Yes wtmp directory = idmap config * : backend = tdb access based share enum = No acl allow execute always = No acl check permissions = Yes acl group control = No acl map full control = Yes administrative share = No admin users = afs share = No aio read size = 1 aio write behind = aio write size = 1 allocation roundup size = 1048576 available = Yes blocking locks = Yes block size = 1024 browseable = Yes case sensitive = Auto check parent directory delete on close = No comment = copy = create mask = 0744 csc policy = manual cups options = default case = lower default devmode = Yes delete readonly = No delete veto files = No dfree cache time = 0 dfree command = directory mask = 0755 directory name cache size = 100 disk quotas = Yes dmapi support = No dont descend = dos filemode = No dos filetime resolution = Yes dos filetimes = Yes durable handles = Yes ea support = No fake directory create times = No fake oplocks = No follow symlinks = Yes force create mode = 0000 force directory mode = 0000 force group = force printername = No force unknown acl user = No force user = fstype = NTFS guest ok = No guest only = No hide dot files = Yes hide files = hide special files = No hide unreadable = No hide unwriteable files = No hosts allow = hosts deny = include = inherit acls = No inherit owner = no inherit permissions = No invalid users = kernel oplocks = No kernel share modes = Yes large directory search priority = Normal level2 oplocks = Yes locking = Yes lppause command = lpq command = lpstat -o%p lpresume command = lprm command = cancel %p-%j magic output = magic script = mangled names = yes mangling char = ~ map acl inherit = No map archive = Yes map hidden = No map readonly = no map share modes = No map system = No max connections = 0 max print jobs = 1000 max reported print jobs = 0 min print space = 0 msdfs proxy = msdfs root = No msdfs shuffle referrals = No nt acl support = Yes ntvfs handler = unixuid, default oplocks = Yes path = posix locking = Yes postexec = preexec = preexec close = No preserve case = Yes printable = No print command = lp -c -d%p %s; rm %s printer name = printing = hpux printjob username = %U print notify backchannel = No queuepause command = disable %p queueresume command = enable %p read list = read only = No root postexec = root preexec = root preexec close = No short preserve case = Yes smb encrypt = default spotlight = No store dos attributes = No strict allocate = No strict locking = Auto strict rename = No strict sync = Yes sync always = No unix ignore mask = Yes use client driver = No use sendfile = No valid users = veto files = veto oplock files = vfs objects = volume = wide links = No write cache size = 0 write list = [netlogon] comment = The domain logon service path = /var/opt/samba/netlogon read only = Yes [tmp] comment = Temporary file space guest ok = Yes path = /tmp